It is a common requirement to have a form on almost any website.
In this article, we will create a php script that will send an email when a web form is submitted.
There are two parts to the web form:
- the html form code for the form. the html code below shows a standard form in web browser. if you’re new to html coding, check out: html form tutorial
- the php script to handle the form submission. the script receives the form submission and sends an email.
html code for the email form:
the form contains the following fields: name, email and message.
name and email are single line text input fields, while “message” is a textarea field (multiline text input).
You can have different types of input fields on a form. see the html form input examples page for more information.
clicking the submit button will send the form to “form-to-email.php”. this form is submitted via the post method
access the form submission data in the php script
once your website visitor has submitted the form, the browser sends the form submission data to the script mentioned in the form’s “action” attribute. (for the current form, the script is form-to-email.php)
since we have the form post method mentioned as post in the form (method=’post’), we can access the form post data via the $_post[] array in the php script.
The following code gets the submitted values for the fields: name, email, and message.
compose the email message
Now, we can use the above php variables to compose an email message. here is the code:
The sender’s address, the subject and the body of the email message are composed in the code above. note how the message body is composed using variables.
if a visitor ‘anthony’ submits the form, the email message will look like this: “you have received a new message from user anthony. here is the message: hi, thanks for your great site. love your site. thank you and bye, anthony.”
sending the email
the php function to send emails is mail().
for more details, see the php mail() page.
the header parameter is to provide additional mail parameters (such as sender address, cc, bcc, etc.)
here is the code to send the email:
Note that we put your email address in the ‘from’ parameter and the visitor’s email address in the ‘reply-to’ parameter. the ‘from’ parameter should indicate the origin of the email. if you put the visitor’s email address in the ‘from’ parameter, some email servers may reject the email thinking you are impersonating someone.
send the email to more than one recipient
if you want to send the email to more than one recipient, you just need to add them in the “$to” variable.
You can also use the cc (carbon copy) and bcc (blind carbon copy) parameters. cc and bcc emails are added in the ‘headers’ parameter.
sample code:
protect the form against email injection
Spammers look for exploitable email forms to send spam emails. they use the form handler script as a “relay”. what they do is submit the form with rigged form values. To protect our form from such attacks, we need to validate the submitted form data.
every value that goes into the ‘headers’ parameter should be checked to see if it contains r or n. hackers insert these characters and add their own code to cheat the function.
here is the updated code:
In general, any value used in the header must be validated against the code above.
better, full validations can be done using the php form validation script here.
php form to send the complete code by email
The following link contains the full form, validation and email code.
download the php form to send the code by email